David Fergins • Network Architect

SUMMARY

Network Architect with over 18 years of IT, technical, systems, networking, and information security experience. Possesses knowledge and professional experience in the following areas: Designing, installing, configuring, maintaining, decommissioning, technical project management, and transitioning/migrating highly complex and secure enterprise and conglomerate-size networks from legacy to modern topologies and the latest cloud environments.

Drafting respective site documentation including, methods of operations (MOPs), bill of materials (BOMs), request for proposals (RFPs), budgetary estimates/quotes, and root cause analysis and remediation (RCA/R).

Advanced knowledge of cutting-edge technologies and concepts; interior and exterior network routing protocols, switching concepts, network security defense-in-depth frameworks, and many virtualization deployment schemas.

Strong background in routing, switching, and network security; with hands-on, Internet Service Provider (ISP) exposure/support, and CCIE-level experience using the full array of Cisco, Juniper, and Arista product lineups.

Designed/deployed/maintained both exterior and interior routing protocol implementations and administrated authentication mechanisms (RIP, EIGRP, OSPF, BGP, MPLS, AAA Authentication, TACACS+, IKE2, 802.1x, 802.11x, RADIUS, Kerberos, EAP, OTP/MFA), layer 2 and 3 protocols to draft/publish/promulgate enterprise architectural and network LAN/WAN/SD-WAN designs.

Experience with numerous cloud providers and virtualization technologies e.g., Amazon, Azure, Rackspace, Google, and VMware, and have supported many public, private, and hybrid projects; invoking and enforcing the dual vendor model (DVM) and redundant supply chain strategies.

Direct experience with Continuous Integration/Improvement and Continuous Deployment/Development (CI/CD) and automation working with tools such as Kubernetes, Docker, Terraform, GitLab, GitHub, FRINX, and lingua franca code languages such as Ansible, Python, Netconf, RestConf, and Perl scripting languages to automate various standardized tasks.

Knowledge and experience with deploying Cisco ACI Nexus 9Ks – designing and leveraging APIC, VXLAN, ECMP, NV-GRE, SAML, LDAP, EVPN, and various SDN/NFV abstraction and controlling methods and technologies.

TECHNICAL SKILLS

Network Protocols: LAN/MAN/WAN/Metro-E, Wireless (802.11a/b/g/n/ac/ay, WAPs, Aironetx, 5500 WLCs, etc.), TCP/IP protocol stack, DNS/BIND/DNSSEC, SNMPv1-3, SSH, S/TFTP, EIGRPv0-1, OSPFv1-3 (single/multi-area), BGP (iBGP/eBGP), Multicast - SSM, MPLS – LSP/LDP/RSVP (Pseudo Wires), GRE/mGRE (DMVPN) & IPsec Tunnels, Service Oriented IPV4 & IPV6 (SOIP) administration and design solutions, QoS/CoS/DSCP, Fiber Channel, FCoE, NFS and iSCSI, Taclane, IS-IS, Fabric Path, EPS.

Internetwork Devices: Switch/router configuration Cisco ISR - 3900, 4451; Cisco ASR - 1000, 5000, 9000; Cisco CSRs; IOS 2960, 3650, 3750, 4500, 6500, 6800, 7600; Nexus - 1000V, 2000, 5000, 7000, 9000; ASA – 5585.

Juniper: JUNOS EX - EX4200, EX4300/MX - MX960/QFX - QFX5100/SRX - SRX240, SRX650, SRX1400, SRX3400, SRX3600, SRX5400X, SRX5800 series.

Windows OSx & Linux OSx: Installation of hardware/software and problem resolution.

Commissioning/Configuration/Maintenance/Decommissioning: Check Point R80 Gaia/SPLAT R7-X.

Cisco ASA, Juniper MBH MX960, Palo Alto Networks: 200, 500, 3000, 5000, and like vPlatforms.

Programming Code Knowledge & Experience: Python (2.7 & 3x), VBA, HTML/HTML5, C++, Java, JavaScript, Perl, Terraform, and Ansible, Golang (GO); Repositories& CI/CD: Github, Jenkins, Kubernetes, Chef.

Database: MSSQL, PostgreSQL, MySQL; knowledge of NOSQL Apache Cassandra, AWS RDS, Aurora, and AWS serverless architecture.

Software/Monitoring/Networking Tools: Microsoft Office Suite, Wire Shark, Tcpdump, NMap, SolarWinds, SharePoint-x, ERP, WMS, CRM, MS Visio, Adobe XI Pro, SecureCRT, SAP, VMware NSX, Citrix, Infoblox, NetBrain.

Load Balance and WAN Acceleration Technologies: F5 Viprion/LTM/GSLB, A10, Riverbed.

Firewalls: Aventail, Dell Defender, Fortinet, FirePower, Juniper SRXx, Palo Alto, Cisco ASA, Check Point; Remote Desktop Software - MS RDP, TeamViewer, Bomgar, HPNA, IPControl.

SIEMs/Forensics/IPS/IDS/Endpoint: IBM QRadar, Splunk, Alien Vault, Bro/Snort, McAfee ePO, Kali, Debian.

Cloud Knowledge & Exposure: AWS – VPC/EC2/S3/DirectConnect/CloudWatch/CloudFront/Route53/VGW/IGW/SecurityGroups/etc., Azure, VMware – NSX/vDistributed Switch/vSwitch/etc., Google (GCP).

Ticket Escalation Systems: Cherwell, Remedy, Salesforce, IBM, JIRA, Confluence.

PROFESSIONAL EXPERIENCE

Charter Communications October 2017 - Present

Principal Engineer (Network Architect)

Principal Engineer responsible for architecting, integrating, testing and qualifying new products for Linear Video and File Based Content Delivery Networks (CDNs). The CDN solutions are required for multiscreen video service distribution to Charter customers.

Duties include working with a team of advanced engineers whom support the development, integration, test and troubleshooting of various technologies which support Charter's digital headend systems, IP networks, mobile/web video delivery, Cloud infrastructure and encryption/DRM solutions for production deployment and engineering labs.

Participate in creating architecture, specifications, and test plans for production product deployment.

Provide subject matter expertise in the following areas; public/private CDNs, IP networking, multicast, and high-quality streaming video for multiscreen video applications.

Provide analysis, solution architectures, specifications and test plans in support of various Advanced Engineering and Development projects to include, but not limited to availability, elasticity, scale, performance, security and control for private, public and/or hybrid system architectures.

Direct the evaluation and testing of new technologies and provide implementation and design documentation.

Use network design software like Visio and document procedures using tools such as ForeScout CounterACT, NetBrain, Extrahop, JIRA and Confluence.

Oversees in integration and implementation of complex software systems and COTS and locally built applications.

Assists with deployments and maintenance of MVPD networks and systems for delivering Linear and On-Demand services; utilizing SSM streams (S, G) and IGMPv3.

Work daily with CDN cache technologies such as NGINX, transparent caching and cache optimization for low latency/high bandwidth packet transfer.

Utilize developing scripts and tools for system automation, performance benchmarking and exercising various APIs.

Strong inquisitive nature and ability to work well with vendors and internal stakeholders to drive to solutions.

Work cross-functionally with Product, Engineering, Project Management, and Operations teams.

Responsible for keeping abreast of standards and regulatory requirements which impact IP video delivery solutions.

Leverage modern service delivery networks - HFC, IP Networking, DOCSIS, Transport, infrastructure monitoring solutions (ELK, Splunk, Nagios), virtualization solutions (VMware, Citrix), computing hardware (HP, Cisco, Juniper, and Arista), MPEG, and protocols such as DASH and HLS.

Design, implement, and deliver surrounding standards for intricately complex native application products for users.

Actively and independently acquire knowledge of new development technologies in areas such as mobile, video, second screen, social media and other niches.

Lead development teams to respond, clarify or define specific application behavior, look/feel and function, and design requirements.

Diagnose intricately complex issues, evaluate, recommend and execute the best resolution within ITIL and Agile frameworks.

Manage detailed application requirements and collaborate with project /development teams to ensure quality function, features and user experience.

Develop, modify, enhance and implement software and network and security systems designed to support new or existing business initiatives.

Influence system design by identifying and recommending design and requirements needs for software, network, and security enhancements.

Test software to ensure proper and efficient execution and adherence to business and technical requirements.

Participate in design and wireframe review to provide a technical perspective on implementation.

Ensure alignment between the business operational strategies and technical solutions.

Analyze and revise existing system logic difficulties and documentation.

Implement designs, execute project deliverables and estimate scope of work.

Provide technical leadership and innovation on application projects through all phases of a development lifecycle.

MAXIMUS, INC July 2015 - October 2017

Senior Network Engineer

• Maintained a thorough understanding of the basics behind the Internet and its workings (DNS, Security, IP Routing, HTTP/S, VPN (GRE, mGRE, DMVPN, IPSEC), Email Routing, SPAM, etc.).

• Designed, setup and configured complex wireless networking that supported open or secured access and the ability to support voice and video applications (Multicast).

• Utilized network sniffing software (i.e., Wire Shark, NMAP, SNORT, TCPDump, etc.) to discover and mitigate enterprise IT landscape threats, risks, exploits (RATS & FUDS), zero-day, and known vulnerabilities.

• Assisted in the designing of multi-vendor server environments including IP address schemes, DNS, WINS, Ether Channel (Bonding), high-availability (HA Pair), DB Clustering, Wireless & Security Architecture, etc.

• Maintained multi-site network operations and software applications, operating systems, and regular maintenance with both private and public facilities.

• Managed assigned projects and program components to deliver services in accordance with established ITILv3 service and IT portfolio management objectives.

• Responded to inquiries from staff, administrators, service providers, site personnel, outside vendors, etc. to provide technical assistance and support.

• Supervised the administration of systems and servers related networks to ensure availability of services to authorized users.

• Assisted with compliance and compulsory-governed audits and with various organizational policy enforcement.

• Collaborated with geographically-dispersed teams to efficiently handle various project technically-based initiatives.

• Troubleshot malfunctions of network hardware and software applications, telephony (Avaya, Jabber, UCCM, and Verizon Virtual Communication Express (VCE)) and security systems to resolve operational issues and restore services.

• Configured and installed Cisco ASA, Juniper SRXs, Check Point, Aventail, and Palo Alto Firewalls, utilized VPN Concentrators and Security Appliances to limit access to vital software and physical business applications and equipment.

• Worked with IPS/IDS/DLP/URL filtering & categorizing/endpoint security via virtual and physical mediums Check Point, McAfee ePO, Symantec, Palo Alto, and Aventail.

• Monitored and assessed enterprise environment security posture using Cisco Qualys, SolarWinds Orion, Nagios, and various MS tools such as SCCM, and adhered to subsequent reports and analysis.

• Designed, configured, and implemented secure/mobile complex switching and routing environments.

• Configured and installed client and server network software for upgrading and maintaining network and telecommunication systems.

• Created and maintained associated documentation of all built and supported computing environments.

• Supported MPLS circuit turn-up/maintenance/decommissioning - participated in vendor-related conferences to solidify support details; port sizes, device script loading, handoff details, etc.

• Facilitated multifactor authentication and provided corresponding support.

• Integrated both exterior and interior routing protocols and administrator authentication mechanisms (RIP, EIGRP, OSPF, BGP, MPLS, AAA Authentication, TACACS+), layer 2 and 3 protocols to draft enterprise architectural and network LAN/WAN designs.

• Performed additional duties as assigned and participates in tri-monthly on-call rotation.

SWISSLOG TRANSLOGIC April 2014 - July 2015

Senior Network Engineer

• Derived system-level requirements from architectural guidelines and project objectives.

• Responsible for analyzing, designing, installing, configuring, maintaining, and repairing network infrastructure and application components.

• Performed a wide variety of duties to ensure compatibility between the client, the client's IT system, and Swisslog's Automated Material Transport Systems (AMTS).

• Served as a member of our specialized technical support team to provide input, direction, and training to all levels of Field Service/Commissioning Team Technicians.

• Provided direction, information and recommendations regarding network configurations and installations.

• Responsible for supporting installations and commissioning of IT hardware, software, provides Tier III assistance for technical support.

• Provided 24-hour technical support technical phone support for Swisslog's Field Service/Commissioning Team engineers and customers.

• Maintained a thorough understanding of the basics behind the internet and its workings (DNS, security, TCP/IP, various routing and switching protocols, HTTP, VPN, etc.).

• Provided support to field service/commissioning team technicians on numerous products, IT, and software related issues; including troubleshooting, resolving issues, and developing corrective and preventive actions

• Performed additional duties as required and participated in weekly on-call rotation.

• Responsible for maintaining all interfaces between Swisslog AMTS products and customers' LAN/WAN and information systems.

• Worked side-by-side with software development engineers, Field Service/Commissioning Team Technicians, and clients to respond to general and complex IT-related questions.

• Provided support with installation and configuration of Windows operating systems including client and server-based systems.

• Provided support with installation and configuration of SQL Server 2003/2008/2012/2014 platforms; served as a database administrator for onsite SSRS deployment.

• Consulted for application and database integration into virtualized computing environments using VMware product suites (i.e. vSphere, vRealize, NSX, VDS, VIPs, etc. and VM replication arrangements).

• Assisted with and leads the troubleshooting customer network and IT infrastructure including VPNs, switches, routers, firewalls, virtualization technologies.

• Read schematics and wiring diagrams to extract necessary technical information.

• Evaluated cost analyses and vendor comparisons for large scale projects to ensure cost-effective and efficient operations, and measures feasibility of various approaches.

• Analyzed network traffic for performance issues and provides recommendations for resolution.

• Designed and deployed the following technologies: Cisco routers/switches/firewalls, internal and external routing protocols (RIP, EIGRP, OSPF, BGP, AAA Authentication, and TACACS+), layer 2 and 3 protocols.

• Provided specifications for new network hardware and software selection, implementation techniques and tools for the most efficient solution to meet business needs, including present and future capacity requirements.

• Developed detailed designs with supporting implementation, test and transition plans.

• Interfaced with customer IT/Network support staff to ensure proper escalation during outages or periods of degraded system performance.

• Participated in developing more secure coding practices; implementing query parametrization strategies, infeasible verification, XSS remediation, etc.

• Worked with HMI and PLC automated robotics; including pressurized valves, vacuums, blowers, and real-time operating systems (RTOS).

NORTHROP GRUMMAN - Schriever AFB, CO May 2012 - April 2014

Enterprise Network Design Engineer

• Derived system-level requirements from architectural guidelines and project objectives.

• Developed detailed designs with supporting implementation, test and transition plans.

• Assisted in generating conceptual, logical and physical network architectures, documents, testing analyses, test plans and risk assessments to ensure sound architecture which meet client needs.

• Assisted teams that analyze, design, troubleshoot and implement network architecture in order to best meet client requirements; leverages resources from different teams to ensure that customer needs were met.

• Performed additional duties as required and participated in recurrent on-call rotation.

• Assisted in troubleshooting the most complex data or voice network and hardware problems; researches and analyzes significant, complex network problems that require evaluation of intangibles, such as downstream effects on client satisfaction; assesses and evaluates current and future systems.

• Assisted in determining methods and procedures to be implemented and used on moderately complex new technologies to enhance performance.

• Researched technological advancements to ensure that voice and data networking solutions were continuously improved, supported and aligned with industry and company standards.

• Tasked to employ inline encryption devices (e.g., Taclane) to protect sensitive national security data.

• Evaluated cost analyses and vendor comparisons for large scale projects to ensure cost-effective and efficient operations, and measures feasibility of various approaches.

• Recommended moderately complex investment decisions to management and customers based on results of independent assessment of current and future data or voice network performance, stability, and network management issues.

• Designed and deploys the following technologies: Cisco routers/switches/firewalls, internal and external routing protocols (OSPF, BGP, AAA Authentication, TACACS+), layer 2 protocols, multicast, local and long-haul data transmission mediums (RS-530, T1, T3, OC-x, etc.), SONET, Type I encryption devices and network timing systems.

• Provided detailed information in designing and planning voice and network communications and infrastructure systems to include all areas of network and computer hardware and software interconnection and interfacing, such as routers, multiplexers, firewalls, hubs, bridges, gateways and storage systems.

• Possessed knowledge of WAFs such as Barracuda and Bluecoat.

• Provided specifications for new network hardware and software selection, implementation techniques and tools for the most efficient solution to meet business needs, including present and future capacity requirements.

• Assisted in the purchase, testing, installation, and support of network communications equipment including LAN/MAN/WAN systems.

• Provided assistance and oversight for all information systems operations activities, including computer and telecommunications/communications operations, data control, LAN/MAN/WAN administration and operations support, operating systems programming, system security policy procedures, and/or system administration functions.

• Analyzed network traffic for performance issues and provides recommendations for resolution.

• Monitored and responded to hardware, software, and network problems.

• Interfaced with contractor support service groups to ensure proper escalation during outages or periods of degraded system performance.

• Conducted pre-and-post testing of network design utilizing developed and/or prescribed test plans.

• Administered all property-related activities for the Combined JRDC Complex.

• Coordinated property control activities to ensure continual accountability of Government, associate contractor, or company property in accordance with applicable Government regulations or corporate policy.

• Maintained property accountability records and determines condition and arranges disposal of surplus or obsolete material or equipment. Contacted potential users and negotiated transfers.

• Conducted contract location property audits; provided guidance on Government regulations pertaining to property accountability; developed, recommended, and implemented property administration policy; and prepared periodic and special purpose reports relative to such matters as taxes, rentals, and leasing, insurance, facility usage, etc.

• Performed liaison roles between contractor location and the Defense Contract Management Agency (DCMA) during yearly Property Control System Analysis (PCSA). Uses the IEMS to manage and maintain property and resources.

• Ensured procurement management meets applicable plans and directive to support mission needs.

• Provided supply support/oversight to meet applicable regulations.

• Oversaw inventory management to meet contract requirements and maintain inventory records.

• Maintained a system to update and report inventory changes to meet contract requirements.

DEPARTMENT OF DEFENSE, US AIR FORCE - Schriever AFB, CO May 2011 - May 2012

Business Analyst/Information Assurance Officer

• Wrote detailed functional specifications including process and design for user interfaces, and database modifications.

• Performed additional duties as required and participated in cyclical on-call rotation.

• Oversaw Microsoft SharePoint intranet virtual space development; workflows, interactive application sharing, reporting.

• Instituted awareness of security compliance and audits and ensured sound security principles were implemented to ensure authenticity and integrity of transmitted information.

• Reviewed progress and evaluated results of product development projects.

• Supported GOTS (including MICAS, Standard Desktop Configuration 3) and COTS (i.e. IntelliTrack PackageTrack 8.0, Windows 7 Enterprise XP Mode) applications.

• Performed Information Assurance Officer (IAO) duties, employing a 6-Step Risk Management Framework IAW DIACAP processes that adheres to Air Force/DOD compulsory mandates.

• Collaborated with external and internal customers and vendors to identify and prioritize business requirements; worked directly with AFNETOPS (Enterprise Service Desk), LAN/Port Security, Client.

• Supported technicians, and Base Equipment Custodian Office (BECO) as the communications focal point to facilitate [comprise, analyze, resolve] incident requests and associated engineering change work orders.

• Oversaw systems integration; imaging and secure image build activities.

• Comprised technical writing - to include instructional training manuals, audio/visual aids, and corporate level correspondence and budget plans for the development of managers and staff.

• Performed analysis of operational functions (e.g., network connectivity), physical assets (e.g., workstations, servers, etc.), staffing, and service delivery.

• Oversaw collaborative development and adoption of IT standards and practices.

• Personally, handled data forensics and chain of custody activities.

• Developed performance metrics to evaluate effectiveness of process implementation, ensure adherence to applicable regulations, and identified potential gaps in policies and procedures.

• Conducted regular risk assessment and quality assurance reviews.

• Established effective relationships with vendors in support of service level agreements.

• Managed fiscal budget of $1mil and successfully forecasted annual requirements.

• Supported various computing systems in a PKI/MAC setting; utilizing numerous encryption methodologies - encrypting data at rest, in transit, and in mobile devices - again advance and persistent threats.

• Participated in threat modeling and threat landscape illuminating.

SANTA BARBARA APPLIED RESEARCH, INC - Schriever AFB, CO January 2008 - May 2011

Client Support Administrator/Business Systems Analyst

• Systems integration; imaging and image building.

• Assisted with warranty reconciliation with leading manufacturers.

• Employed enterprise resource planning applications, and MS SQL Server database creation/queries.

• Performed Standard Desktop Configuration Support and Client Support Administrator activities - printer installations/troubleshooting; assisted with software loads, remedy tickets, personnel e-mail configuration, SharePoint design and organization intranet web development.

• Employed complex research activities surrounding enterprise software/hardware procurement.

• Performed strategy reformulation and accompanying technical writing - to include instructional training manuals, audio/visual aids, and corporate level brochures/articles/correspondence.

• Performed additional duties as required and participated in cyclical on-call rotation.

EDUCATION

Master of Science in Information Technology Management, Network Management

Western Governors University - Salt Lake City, UT – (Graduated) 2016

Master of Business Administration

Touro University International - Cypress, CA – (Graduated) 2009

CERTIFICATIONS/SPECIALIZED TRAINING

Completed A+ Course (Certificate Equivalent)

Security + COMP001020307657

VMware Certified Associate - Data Center Virtualization (VCA-DCV) VMW-01239123M-00393175

Cisco Certified Network Professional (CCNP) CSCO1215916 (Route & T-Shoot *Expired*)

PCAP - *pending – December 2020*

AWS Solutions Architect Training

PERL, Python, GOLANG Intermediate Training

AWS Certified Advanced Networking *pending - Dec 2020*

ITIL Trained

Contact this candidate